Home » The Endace Platform » OSm - Endace Operating System

Endace OSm

Our Operating System for Monitoring.

Endace Operating System for monitoring

The Endace Operating System for monitoring (OSm) is part of all Endace Systems. Built on a Linux kernel, OSm is an open, flexible software environment that delivers 100% accurate captured network traffic to any application you require. OSm is built to ensure that all Endace Systems deliver the maximum value to the user in the shortest possible timeframe. The function of OSm can be broken down into three main areas: platform integration, fabric management and packet management.

Fabric Management

Endace Systems are all designed to be deployed as a distributed fabric. The power of a fabric is the ability to manage all the systems from a single central console, typically in the security operations or network operations centre (SOC or NOC)..

OSm provides a full management interface that allows a fabric of Endace Systems to be easily deployed and managed via the Endace Management Server (EMS). For more information about EMS, download the EMS datasheet.

OSm enables an administrator to see:

  • The health and status of all systems
  • System loading
  • Applications that are running
  • User audit trails
  • Thresholding, alerting and alarming messages.

Platform Integration

OSm enables Endace Systems to be easily integrated into existing physical deployment architectures and plug into standard network management tools such as Tivoli or OpenView.

Each system can generate:

  • Syslog
  • SNMP
  • TACACS and RADIUS
  • IPMI

Packet Management

OSm plays a critical role in bridging the gap between network packets and the applications that use them. There are four key functions that happen between the raw packets and the application:

  • Sourcing packets: OSm provides access to the relevant packets from a range of different sources and makes them available to applications. Sources of packets can include the TCP network, a virtual machine, on-board RAID storage or local SSD memory
  • Transforming packets: packet transformation - including filtering, buffering and load balancing – ensures packets meet the needs of an application so it runs more efficiently
  • Delivering packets: At the end of the process the packets are made available to the application itself, creating a pool of packets that the application can use
  • Messaging bus: OSm enables applications to share information between them to improve Mean Time to Resolution (MTTR) and drive time-to-value

For more information about OSm, download the OSm datasheet.

Endace OSm 4.2 release – Features and Functionality (June 2011)

Twice a year we do a major functionality release which typically includes the launch of some brand new systems, some enhancements to existing systems and a new version of OSm for everyone. Existing customers with compatible hardware and in-life support contracts are entitled to a complementary upgrade to the latest version of OSm.

Software enhancements with OSm 4.2

With OSm 4.2, we’ve launched new powerful platform software features that are designed to enhance the performance and breadth of appeal of the platform to customers and ISVs. In addition, we’ve made some important changes to the Endace Application Dock to make it even more effective. New 4.2 features include:

New Event Recording Trigger OSm feature

At higher network throughputs the volume of traffic being recorded can be extremely high and can, if left unchecked, fill the system’s local storage buffer quite rapidly. To help organisations make more efficient use of the local storage buffer, Endace has developed an Event Recording Trigger which enables any application to trigger a short period of network recording once a network event has been alerted. This capability means that the system only records packets that are of interest, rather than capturing everything. The impact of this innovation is that the half-life of the storage buffer is greatly extended and the speed with which an engineer can identify and resolve network events is improved as the volume of traffic they are required to work through is reduced.

New Event Communication Engine

Network monitoring and security tools are generally designed to identify and alert on events of interest. Once alerted, engineers are employed to resolve the event—a time-consuming process that typically involves multiple discrete systems. The Endace Eventing Engine enables custom, open source of commercial applications that are co-hosted on the Endace System to pass event information between them quickly and efficiently using a standard programming interface. This capability removes the need for ‘swivel-chair’ event management within Network / Security Operation Centres (NOCs and SOCs) and, when used in conjunction with the forensic and investigatory tools that are native to every Endace System, can help to dramatically reduce the Mean Time to Resolution on events.

Endace Application Dock Enhancements

As an open and flexible application hosting environment for third-party, custom or open-source applications running on Endace Systems, with this release, the Endace Application Dock supports up to six virtual machines, depending on the specification of the System itself. Dock efficiently enables the quick and secure deployment of all third-party applications with:

  • Multiple vDAG support – allowing attachment of multiple vDAGs into a virtual machine
  • vDAG transmit – virtual machines can now emit data back into the ERFstream engine, providing all of the benefits of the EndaceProbe™ solution to virtualised applications
  • Improved emulated device support
  • Integrated ODE ISO for quick and easy provisioning of vDAG-enabled virtual machines